Re: [Django] #33513: Custom authentication class: raising AuthenticationFailed leads to 403

[Django]

#33513: Custom authentication class: raising AuthenticationFailed leads to 403
--------------------------------+--------------------------------------
     Reporter:  Wissperwind     |                    Owner:  nobody
         Type:  Bug             |                   Status:  new
    Component:  contrib.auth    |                  Version:  3.2
     Severity:  Normal          |               Resolution:
     Keywords:  authentication  |             Triage Stage:  Unreviewed
    Has patch:  0               |      Needs documentation:  0
  Needs tests:  0               |  Patch needs improvement:  0
Easy pickings:  0               |                    UI/UX:  0
--------------------------------+--------------------------------------
Description changed by Wissperwind:

Old description:

> Hi,
> I am writing a custom authentication class. I overwrite:
>
> **def authenticate(self, request):**
>
> If a user is not authenticated I do:
> **raise exceptions.AuthenticationFailed(_('Invalid token.'))**
> I expect that djano returns a 401. But django returns 403 like if I were
> in has_permission(). But I am in authenticate() for sure and if there
> this exception is raised Django, sholuld return a 401!
>
> My custom auth class inherits from BaseAuthentication:
> from rest_framework.authentication import BaseAuthentication

New description:

 Hi,
 I am writing a custom authentication class. I overwrite:

 **def authenticate(self, request):**

 If a user is not authenticated I do:
 **raise exceptions.AuthenticationFailed(_('Invalid token.'))**
 I expect that djano returns a 401. But django returns 403 like if I were
 in has_permission(). But I am in authenticate() for sure. And if in this
 methoid this exception is raised Django, sholuld return a 401!

 My custom auth class inherits from BaseAuthentication:
 from rest_framework.authentication import BaseAuthentication

--

-- 
Ticket URL: <https://code.djangoproject.com/ticket/33513#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/069.c5d4bbc94b7fb7fc91278d35ce4e06b3%40djangoproject.com.